Privacy Policy

CIT Sewer Solutions(“CIT,” “we,” “us,” or “our”) operates new.bostonpipeliningcompany.com and the related contact, quote, and inspection-request channels described below. This policy is written to mirror what the site actually does: every category we list maps to a specific table in our database, a specific API route, or a specific third-party service. If you spot a gap between this page and our behavior, email info@citsewer.com and we will fix it.

Two consent modes: minimal vs. full

On your first visit you see a banner at the bottom of the page asking you to choose between “Necessary only” and “Accept all.” Until you choose, the site treats you as if you had selected “Necessary only.”

• Minimal mode (default before a decision, and after declining): we record only an anonymous, daily, per-page view counter along with an approximate country derived from the request, then immediately discarded. No session ID, no IP address, no city, no referrer, no UTM parameters, no click events, and no third-party analytics scripts run.
• Full mode (after explicitly accepting): in addition to anonymous page-view counts, we issue your browser a random session UUID stored in localStorage and use it to record the page path, referrer, UTM parameters, the IP address Vercel sees, an approximate city/country from that IP, and the timestamps of clicks on phone numbers and outbound links. Vercel Analytics and (when configured by an admin) Google Analytics also run only in this mode.

You can switch back at any time using the “Privacy preferences” link in the footer. Resetting reopens the banner and immediately drops the site back into minimal mode, unmounts the analytics scripts, and stops dispatching click and session beacons.

What forms collect

When you submit a quote, inspection, calculator, or general-contact form, we store exactly the fields you typed plus a small audit trail in our form_submissions table. That record includes:

• The first name, last name, email, phone, organization, project location, service interests, and any free-text message you entered.
• The form’s identifier (which form on which page) and the submission timestamp.
• If you were in full-consent mode, the session UUID, IP address, approximate geo, referrer, and UTM parameters that were associated with your visit at the moment you submitted — we use this for attribution only, not for retargeting.
• A snapshot of the consent disclosure text and checkbox state at the time of submission, so we have a verifiable record of exactly what you saw and agreed to.

We do notcapture or persist what you type before you click “Submit.” Closing the tab without submitting leaves nothing behind on our servers.

SMS messaging consent

Some forms include separate, optional checkboxes for receiving text messages from us. The two checkboxes are independent and never pre-checked unless an admin specifically configures them that way:

• Transactional messages— if you opt in, you may receive direct communications about the specific request you submitted (scheduling, on-site arrival, follow-up questions). We send these manually from our dispatch line; reply STOP at any time to opt out and HELP for assistance. Message and data rates may apply.
• Marketing messages— if you opt in separately, you may also receive occasional promotional or informational texts. The same STOP / HELP keywords apply, and you can opt out of marketing messages without affecting transactional ones.

We never share your phone number with third parties for their own marketing, and we never use SMS opt-in to grant ourselves any other contact permission. Each opt-in is recorded in your form submission with a timestamp and a copy of the exact wording you saw.

Cookies and local storage

We do not use third-party advertising cookies. The site stores a small number of values in your browser’s localStorage and sessionStorage:

• Your consent decision (accepted or declined, plus the version of the policy you saw).
• Your theme and accessibility preferences (light / dark, reduced motion, font size).
• When in full mode, a random session UUID and the UTM / referrer values from your first landing page in this session.

Clearing your site data in your browser wipes all of these values.

Where data lives and who can see it

• Database: Supabase (Postgres) on US infrastructure. Anonymous page-view counts live in anon_page_views; form submissions live in form_submissions; full-mode tracking lives in attribution_sessions, page_views, and site_events.
• Hosting:Vercel. Their edge network sees every request and applies its own bot detection. Vercel Analytics—the script that reports anonymous performance and page-view counts back to Vercel—loads only in full mode and only on the production deployment.
• Email: outbound notifications about your form submission go through our transactional email provider so we can reply to you.
• Internal admin tools: a small number of CIT staff can view submissions and aggregated traffic dashboards through a password-protected admin panel served by this same site.

We do not sell personal information, and we do not feed your contact details to advertising networks.

How long we keep things

• Form submissions and email: kept for as long as we have an active project, bid, or working relationship with you, plus a reasonable period thereafter for accounting, insurance, and warranty obligations. Records older than that are deleted or anonymized.
• Full-mode tracking (sessions, page views, site events): purged automatically by a scheduled job after 90 days. Aggregated anonymous counts may be retained longer for historical trending.
• Anonymous page views: retained indefinitely; they contain no identifiers.

Your choices and rights

• Change tracking level:use the “Privacy preferences” link in the footer to reopen the consent banner and switch between minimal and full at any time.
• Stop SMS: reply STOP to any text message from us, or email info@citsewer.com with the phone number to remove.
• Access, correct, or delete the personal information we hold about you by emailing info@citsewer.com from the address we have on file (or providing enough detail to verify the request). We will respond within 30 days.
• California residents may exercise CCPA/CPRA rights to know, delete, correct, and opt out of “sharing” (we do not sell or share for cross-context behavioral advertising). EU/UK residents may exercise comparable rights under GDPR/UK GDPR.

Security

We use TLS for all data in transit, role-limited service-role keys for our database, encrypted storage at our hosting and database providers, and least-privilege access to the admin panel. No system is perfectly secure; we will notify affected users without undue delay if we ever discover a breach involving their personal information.

Children

The site is targeted at municipal, engineering, and commercial audiences. It is not directed to children and we do not knowingly collect personal information from anyone under 13.

Changes to this policy

Material changes are reflected by bumping the “Last updated” date above and, when warranted, surfacing a renewed banner so you can re-consent. Older versions are kept in our public repository’s git history.

Contact us

Questions about this policy, a data request, or an SMS opt-out?
Email: info@citsewer.com
Phone: 515-434-2248

See also our Terms of Use.